$OpenBSD: patch-source3_smbd_nttrans_c,v 1.1 2013/10/06 22:00:48 brad Exp $

Missing integer wrap protection in EA list reading can cause server to loop with
DoS. CVE-2013-4124

--- source3/smbd/nttrans.c.orig	Wed May  8 04:16:26 2013
+++ source3/smbd/nttrans.c	Thu Sep 26 21:53:10 2013
@@ -989,7 +989,19 @@ struct ea_list *read_nttrans_ea_list(TALLOC_CTX *ctx, 
 		if (next_offset == 0) {
 			break;
 		}
+
+		/* Integer wrap protection for the increment. */
+		if (offset + next_offset < offset) {
+			break;
+		}
+
 		offset += next_offset;
+
+		/* Integer wrap protection for while loop. */
+		if (offset + 4 < offset) {
+			break;
+		}
+
 	}
 
 	return ea_list_head;
